class CreditRecordsController < ApplicationController
  layout 'manage'
  before_action :set_credit_record, only: [:show, :edit, :update, :destroy, :upload_evidences, :record_approve, :record_reject]
  before_action :authenticate_admin!, except: [:upload_evidences, :index, :show, :create, :report]
  before_action :authenticate_user!, only: [:upload_evidences, :create, :report], except: [:index, :show]


  skip_before_filter :verify_authenticity_token, only: :upload_evidences

  # POST /credit_records/:id/upload_evidences
  def upload_evidences
    params[:files].each do |file|
      Evidence.create(
        credit_record_id: @credit_record.id,
        user_id: current_user.id,
        picture: file)
    end

    respond_to do |format|
      format.html { redirect_to @credit_record, notice: '证据已提交。' }
      format.json { render :show, status: :created, location: @credit_record }
    end

  end


  def record_approve
    respond_to do |format|
      if @credit_record.can_approve?
        @credit_record.approve!
        format.js { render 'js_record_changed', :layout => false }
      else
        format.js { render :layout => false, :status => :unauthorized  }
      end
    end
  end

  def record_reject
    respond_to do |format|
      if @credit_record.can_reject?
        @credit_record.reject!
        format.js { render 'js_record_changed', :layout => false }
      else
        format.js { render :layout => false, :status => :unauthorized  }
      end
    end
  end

  def report
    @credit_record = CreditRecord.new(credit_record_params)
    @credit_record.user_id = current_user.id


    respond_to do |format|
      if @credit_record.save
        if params[:files]
          params[:files].each do |file|
            Evidence.create(
              credit_record_id: @credit_record.id,
              user_id: current_user.id,
              picture: file)
          end
        end

        if params[:user] && current_user.can_certify?
          current_user.update( params.require(:user).permit( :realname, :citizen_id, :company_name, :car_number, :picture_citizen_card_front, :picture_citizen_card_back, :picture_business_license))
          current_user.certify!
        end

        format.html { redirect_to @credit_record, notice: '灰名单已创建，等待审核。' }
        format.json { render :show, status: :created, location: @credit_record }
      else
        format.html { redirect_to root_path, alert: '输入错误，请检查您的输入内容。'  }
        format.json { render json: @credit_record.errors, status: :unprocessable_entity }
      end
    end
  end



  # GET /credit_records
  # GET /credit_records.json
  def index

    if user_signed_in?
      @credit_records = current_user.credit_records.order(created_at: :desc).page params[:page]
    elsif admin_signed_in?
      #@credit_records = CreditRecord.order(created_at: :desc).page params[:page]
      @search = Search.new(CreditRecord, params[:search])
      @search.order = 'created_at'  # optional
      @credit_records = @search.run
      if params[:state]
        @credit_records = CreditRecord.where(workflow_state: params[:state]).order(created_at: :desc).page params[:page]
      else
        @credit_records = CreditRecord.order(created_at: :desc).page params[:page]
      end
    else
      respond_to do |format|
        format.html { redirect_to new_user_session_path }
      end
    end
  end

  # GET /credit_records
  # GET /credit_records.json
  def select
    @credit_records = CreditRecord.where(workflow_state: params[:state]).order(created_at: :desc).page params[:page]
    respond_to do |format|
      format.html { redirect_to new_user_session_path }
    end
  end

  # GET /credit_records/1
  # GET /credit_records/1.json
  def show
    if user_signed_in?
    elsif admin_signed_in?
    else
      respond_to do |format|
        format.html { redirect_to new_user_session_path }
      end
    end
  end

  # GET /credit_records/new
  def new
    @credit_record = CreditRecord.new
  end

  # GET /credit_records/1/edit
  def edit
  end

  # POST /credit_records
  # POST /credit_records.json
  def create
    @credit_record = CreditRecord.new(credit_record_params)
    @credit_record.user_id = current_user.id

    respond_to do |format|
      if @credit_record.save
        format.html { redirect_to @credit_record, notice: 'Credit record was successfully created.' }
        format.js { render 'show_evidence_upload', :layout => false }
        format.json { render :show, status: :created, location: @credit_record }
      else
        format.html { render :new }
        format.js { render 'show_evidence_upload', :layout => false }
        format.json { render json: @credit_record.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /credit_records/1
  # PATCH/PUT /credit_records/1.json
  def update
    respond_to do |format|
      if @credit_record.update(credit_record_params)
        format.html { redirect_to @credit_record, notice: 'Credit record was successfully updated.' }
        format.json { render :show, status: :ok, location: @credit_record }
      else
        format.html { render :edit }
        format.json { render json: @credit_record.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /credit_records/1
  # DELETE /credit_records/1.json
  def destroy
    @credit_record.destroy
    respond_to do |format|
      format.html { redirect_to credit_records_url, notice: 'Credit record was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_credit_record
      @credit_record = CreditRecord.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def credit_record_params
      params.require(:credit_record).permit(:industry, :person_reported_against, :citizen_id, :address, :reported_reason, :time_of_incident, :reporter_id)
    end
end
